gustavo-iniguez-goya / opensnitch

OpenSnitch is a GNU/Linux application firewall
GNU General Public License v3.0

Clicking links in Firefox sometimes causes an "Outgoing connection" request from "Unknown process" #46

Closed kuremu closed 4 years ago

kuremu commented 4 years ago

Hello, I have been using this fork of OpenSnitch for a couple of days and it is going great.

Describe the bug

I have added Allow rules for outgoing Firefox connections on port 80 and 443. This works fine, but when clicking on a link I occasionally get an Outgoing connection request from Unknown process to a domain associated with the website I am visiting. For example when I clicked on a Reddit comments link:


Note the suggested IP address 151.101.29.140 doesn't seem to be www.redditstatic.com, but some Reddit server hosted in my country, at least at one point.

To Reproduce

Allow Firefox connections to 80/443, and browse around for a while, eventually an Outgoing connection dialog from Unknown process displays.

Expected behavior

I would expect not to see these requests at all, at least not from Unknown process.

OS (please complete the following information):

Another example


Again, the domain github.githubassets.com does not point to the IP 185.199.108.154, but the IP does point to a github server of some sort.

Ph0rk0z commented 4 years ago

Try to set up audit and see if it figures things out.

gustavo-iniguez-goya commented 4 years ago

Hi kuremu! Thank you for reporting this behavior.

Unfortunately sometimes opensnitch is unable to get the PID or the process name. There're several reasons that may cause this problem, like a high system load or opening connections too fast (nmap for example). This is a known limitation, and due to how opensnitch works there's little I can do for now.

I run it with default action Deny, and InterceptUnknownConnections not checked. And as far as I can tell it works fine.

You can also use ProcMonitorMethod: audit, and see if it makes any difference.
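Why a connection can end up attributed to "Unknown process", as an added example that is not part of the thread and not opensnitch's own code: it assumes the owner is found by matching the connection's socket inode from `/proc/net/tcp` against the `/proc/<pid>/fd` links, and shows the lookup failing once the descriptor is gone. The `fake_proc` snapshot, PID 4242 and inode 98765 are constructed sample data.

```python
import os
import tempfile

def socket_inode(proc_root, ip, port):
    """Return the socket inode of the IPv4 TCP connection to ip:port, or None."""
    # /proc/net/tcp prints addresses as little-endian hex, e.g. 127.0.0.1 -> 0100007F
    want = "".join("%02X" % int(o) for o in reversed(ip.split("."))) + ":%04X" % port
    with open(os.path.join(proc_root, "net", "tcp")) as f:
        next(f)  # skip the column header
        for line in f:
            fields = line.split()
            if fields[2] == want:       # rem_address column
                return int(fields[9])   # inode column
    return None

def pid_for_inode(proc_root, inode):
    """Scan every <pid>/fd directory for a descriptor pointing at the socket."""
    target = "socket:[%d]" % inode
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    return int(entry)
        except OSError:
            continue  # process exited or closed the descriptor during the scan
    return None

def resolve(proc_root, ip, port):
    """Name the process behind a connection, or report it as unknown."""
    inode = socket_inode(proc_root, ip, port)
    pid = pid_for_inode(proc_root, inode) if inode else None
    if pid is None:
        return "Unknown process"
    with open(os.path.join(proc_root, str(pid), "comm")) as f:
        return f.read().strip()

def fake_proc(fd_still_open):
    """Constructed /proc snapshot: PID 4242 ('firefox') and one TCP socket."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "net"))
    os.makedirs(os.path.join(root, "4242", "fd"))
    with open(os.path.join(root, "net", "tcp"), "w") as f:
        f.write("sl local_address rem_address st tx:rx tr:when retrnsmt uid timeout inode\n")
        f.write("0: 0A00000A:C350 8C1D6597:01BB 02 0:0 00:0 0 1000 0 98765\n")
    with open(os.path.join(root, "4242", "comm"), "w") as f:
        f.write("firefox\n")
    if fd_still_open:
        os.symlink("socket:[98765]", os.path.join(root, "4242", "fd", "57"))
    return root
```

`resolve(fake_proc(True), "151.101.29.140", 443)` names the process, while the same call against `fake_proc(False)` falls back to "Unknown process" because the scan finds no descriptor for the inode.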

kuremu commented 4 years ago

Thanks @Ph0rk0z and @gustavo-iniguez-goya, I'll have a look at these other options (and I'll close the issue as it sounds like a hard limitation).

Update: unchecking InterceptUnknownConnections seems to have solved this problem for me.